I have a setup with a linux gateway connected to the internet serving two masqueraded networks, one my normal internal lan, the other a dmz running a web server. What I want to do is to use a machine on my normal lan to access the web server. Routing from the lan to the dmz using internal addresses works fine, but I want to be able to access the machine in the dmz via the external interface, so that the machine addresses I use to test the setup are exactly the same as those used by someone connecting from outside. I have seen the suggestion to add in the custom setup file: iptables -A INPUT -i eth0 -s 192.168.xxx.0/24 -d xxx.xxx.xx.xxx -j ACCEPT Now this gets me as far as my gateway - if I put a web server on the gateway I can access it with the external addresses from the internal LAN, but what I really want is to route this access to the server in the dmz. The routing works from outside my net, but I cannot simulate this from inside the net. Any suggestions? Regards, Derek